Human resource professionals are entrusted with employees’ personal information on a regular basis. Sensitive information can include a person’s address, date of birth, marital status, hiring paperwork, compensation, health information and investigation records.
Some information is legally considered private and must be protected in accordance with numerous federal laws. Other information should be safeguarded simply because it is considered confidential. But in today’s digital world, it’s all too easy to compromise that confidentiality.
What can HR professionals do to safeguard sensitive information? Here are our top seven tips.
Is it really essential for a job candidate to disclose a Social Security number to apply for a job? If not, then don’t ask for it. If you can limit the amount of personal information you have, then you will have an easier time ensuring security.
Make sure that everyone in your company is aware of the importance of protecting HR information. What might seem obvious to you about keeping sensitive information confidential might not be obvious to everyone else.
Take, for example, the 2016 case of when a Boeing worker sent the personal information of 36,000 Boeing employees to his wife because he wanted her help formatting a spreadsheet. He didn’t realize that the document contained sensitive information, including names, birthdates and Social Security numbers.
The last thing you want is for people to have unrestricted access to databases with employees’ personal information. Create ways so that only authorized personnel can log in, and so that you will not mistakenly share sensitive information with the wrong people.
Consider a solution like DataRails, which allows you to set up permissions and control access, so that only approved personnel are permitted to open a designated Excel file. In addition, DataRails allows you to add cell-level permissions for an added level of security.
If your desk is in a public area, make sure your screen is facing away from where people pass by. Don’t share your password, and don’t write your password on a post-it in a work area where others can see it or even in an unlocked drawer. Finally, make sure to shut down your computer at the end of the day.
Email is extremely convenient—but it also makes it very easy to mistakenly add recipients who should not be included. You could be sending a sensitive email to Tom Graham, but if you’re not careful, Tom Grady could be the one who receives it.
Even worse, you could easily email an entire group by mistake. Consider, for example, the many cases of college acceptance letters being erroneously emailed to every single applicant. This occurred at elite institutions including UC Davis, Cornell, Carnegie Mellon, UC Berkeley, Northwestern, New York University and more. Double and triple check the names of your email recipients so that you don’t make the same mistake.
If you are using Google to send a calendar invite for a disciplinary meeting, the subject of the invite could show up in your calendar for everyone to see. You can avoid this problem by checking your “Access permissions” in your calendar settings. Switch “See all event details” to “See only free/busy.” Or even better, get into the habit of not including the reason for the meeting on your invite.
Recruiters often use text messaging to communicate with job candidates and employees. Texting is particularly effective for getting an immediate response for confirming receipt of documents, times for interviews and directions to the office.
But texting any confidential information should be avoided, since doing so makes it much harder to protect data. And since it’s easy to forget that even something as simple as a home address is considered private, it’s probably best to minimize texting in general.